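Visiting the site
With Safari, the page would not open.
It reported:
because it cannot establish a secure connection to the server
Later I switched to Chrome and found the cause: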
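Your connection is not private. Attackers might be trying to steal your information from www.crifan.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_DATE_INVALID

www.crifan.com normally uses encryption to protect your information. When Google Chrome tried to connect to www.crifan.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.crifan.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit www.crifan.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.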
Clicking to expand the details:
```
NET::ERR_CERT_DATE_INVALID
Subject: www.crifan.com
Issuer: Let's Encrypt Authority X3
Expires on: Jun 15, 2020
Current date: Jun 16, 2020
PEM encoded chain:
-----BEGIN CERTIFICATE-----
...
7VgZ1FKe85f0HMU6nX9fuYsgDzDNHSeIwLY649pZJgJzJJIjQk2v9Q==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQg
...
eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
bKbYK7p2CNTUQ
-----END CERTIFICATE-----
```
Clearly the SSL (that is, HTTPS) certificate has expired.
It needs to be renewed to get a new validity period.
NET ERR_CERT_DATE_INVALID
Let’s Encrypt NET ERR_CERT_DATE_INVALID
certbot renew
Cert not expired but getting ERR_CERT_DATE_INVALID in crome – Help – Let’s Encrypt Community Support
Let’s Encrypt NET ERR_CERT_DATE_INVALID WordPress
Let’s Encrypt NET ERR_CERT_DATE_INVALID fix
Common HTTPS errors and their solutions, Chrome edition (默容)
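| Chrome error code | Cause | Fix |
|---|---|---|
| NET::ERR_CERT_DATE_INVALID | The site's SSL certificate has passed its validity period | Apply for a new SSL certificate |
| NET::ERR_CERT_COMMON_NAME_INVALID | The domain being visited does not match the domain the certificate is bound to | Check that the visited domain and the domain bound to the certificate are the same |
| NET::ERR_CERT_AUTHORITY_INVALID | A self-signed certificate or an already revoked root certificate is in use | Apply for an SSL certificate from a legitimate CA |
| NET::ERR_CERT_REVOKED | The certificate file has been revoked | Apply for a new SSL certificate |
| NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN | The certificate presented by the server does not match the built-in expected certificate | The site may have been hijacked with a forged certificate; stop visiting it immediately |
| NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM | The site uses an intermediate certificate with the obsolete SHA1 algorithm | Contact the CA to replace it with a certificate using a current algorithm |
| ERR_SSL_VERSION_OR_CIPHER_MISMATCH | The site uses an unsupported protocol, or the cipher suite and encryption algorithm configured for the certificate are not supported by the browser | See this repair guide |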
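Time to work out how to apply for a new SSL certificate.
Let’s Encrypt NET ERR_CERT_DATE_INVALID oneinstack
NET ERR_CERT_DATE_INVALID oneinstack
ERR_CERT_DATE_INVALID oneinstack certificate expired
"For various reasons, oneinstack does not always manage to run the site's auto-renewal script, so the HTTPS certificate expires. In that case you can run the update script manually."
Tried to log in to crifan.com over SSH.
As a result, it seemed I could not log in at all...
Logged in to Vultr and restarted the server.
Result: SecureCRT still could not connect.
My feeling: the SSL certificate has gone wrong, which made SSH unusable, which is why I cannot connect.
It looks like I will have to find time to use Vultr's built-in shell instead?
Later, at a different time: 20200616 14:00
it could connect:
Found time to carry on with renewing the expired SSL certificate.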
```
[root@crifan ~]# ll
total 286184
drwxr-xr-x 7 root root      4096 May  9  2019 oneinstack
-rw-r--r-- 1 root root 293039217 May  4  2019 oneinstack-full.tar.gz
drwxr-xr-x 2 root root      4096 Jun  3  2019 shadowsocks
[root@crifan ~]# cd oneinstack
[root@crifan oneinstack]# ll
total 3300
-rwxr-xr-x 1 root root    5861 May  4  2019 addons.sh
-rwxr-xr-x 1 root root   24593 May  4  2019 backup_setup.sh
-rwxr-xr-x 1 root root   14634 May  4  2019 backup.sh
drwxr-xr-x 2 root root    4096 May  4  2019 config
drwxr-xr-x 2 root root    4096 May  4  2019 include
drwxr-xr-x 2 root root    4096 May  4  2019 init.d
-rw-r--r-- 1 root root 3105478 May  9  2019 install.log
-rwxr-xr-x 1 root root   50595 May  4  2019 install.sh
-rw-r--r-- 1 root root   11358 May  4  2019 LICENSE
-rw-r--r-- 1 root root    2510 May  9  2019 options.conf
-rwxr-xr-x 1 root root    7760 May  4  2019 pureftpd_vhost.sh
-rw-r--r-- 1 root root    5310 May  4  2019 README.md
-rwxr-xr-x 1 root root    4938 May  4  2019 reset_db_root_password.sh
drwxr-xr-x 3 root root    4096 May 23  2019 src
drwxr-xr-x 2 root root    4096 May  4  2019 tools
-rwxr-xr-x 1 root root   30291 May  4  2019 uninstall.sh
-rwxr-xr-x 1 root root    5766 May  4  2019 upgrade.sh
-rw-r--r-- 1 root root    1854 May  4  2019 versions.txt
-rwxr-xr-x 1 root root   52035 May  4  2019 vhost.sh
```
Looking for which of these scripts can be used to renew the SSL certificate.
It seems to be vhost?
oneinstack vhost.sh ssl
oneinstack vhost.sh expired
```
[root@crifan oneinstack]# crontab -l
*/20 * * * * /sbin/ntpdate -u pool.ntp.org > /dev/null 2>&1
21 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
```
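Renewal fails when using "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" – OneinStack
https://oneinstack.com/question/使用-root-acme-sh-acme-sh-cron-home-root-acme-sh续签失败/
Renewal usually fails because, after vhost.sh bound the virtual host with Let's Encrypt, you changed the site root directory, the domain name, or other nginx configuration yourself. When vhost.sh does the Let's Encrypt binding, it writes the site root directory of that time into /root/.acme.sh.
But in my case I have not changed the vhost.
The configuration for crifan.com has never changed.
Let's run it and see:
```
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
```
It looks like it is able to start a renewal: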
```
[root@crifan oneinstack]# "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
[Wed Jun 17 20:51:14 CST 2020] ===Starting cron===
[Wed Jun 17 20:51:14 CST 2020] Renew: 'book.crifan.com'
[Wed Jun 17 20:51:15 CST 2020] Single domain='book.crifan.com'
[Wed Jun 17 20:51:15 CST 2020] Getting domain auth token for each domain
```
But there was no progress for a long time.
So I gave up and interrupted it.
I'll find time shortly to try
./upgrade.sh
Trying it:
```
#######################################################################
#       OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+      #
#              Upgrade Software versions for OneinStack               #
#       For more information please visit https://oneinstack.com      #
#######################################################################

What Are You Doing?
	1. Upgrade Nginx/Tengine/OpenResty
	2. Upgrade Apache
	3. Upgrade Tomcat
	4. Upgrade MySQL/MariaDB/Percona
	5. Upgrade PHP
	6. Upgrade Redis
	7. Upgrade Memcached
	8. Upgrade phpMyAdmin
	9. Upgrade OneinStack latest
	10. Upgrade acme.sh latest
	q. Exit
Please input the correct option: 10
[Wed Jun 17 20:55:03 CST 2020] Installing from online archive.
[Wed Jun 17 20:55:03 CST 2020] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Wed Jun 17 20:55:04 CST 2020] Extracting master.tar.gz
[Wed Jun 17 20:55:04 CST 2020] It is recommended to install socat first.
[Wed Jun 17 20:55:04 CST 2020] We use socat for standalone server if you use standalone mode.
[Wed Jun 17 20:55:04 CST 2020] If you don't use standalone mode, just ignore this warning.
[Wed Jun 17 20:55:04 CST 2020] Installing to /root/.acme.sh
[Wed Jun 17 20:55:04 CST 2020] Installed to /root/.acme.sh/acme.sh
[Wed Jun 17 20:55:04 CST 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Jun 17 20:55:05 CST 2020] OK
[Wed Jun 17 20:55:05 CST 2020] Install success!
[Wed Jun 17 20:55:05 CST 2020] Upgrade success!
https://github.com/acmesh-official/acme.sh
v2.8.6

What Are You Doing?
	1. Upgrade Nginx/Tengine/OpenResty
	2. Upgrade Apache
	3. Upgrade Tomcat
	4. Upgrade MySQL/MariaDB/Percona
	5. Upgrade PHP
	6. Upgrade Redis
	7. Upgrade Memcached
	8. Upgrade phpMyAdmin
	9. Upgrade OneinStack latest
	10. Upgrade acme.sh latest
	q. Exit
Please input the correct option: q
```
Then take a look at the files first:
```
[root@crifan oneinstack]# ll /root/.acme.*
total 240
-rw-r--r-- 1 root root    169 Mar 18 00:42 account.conf
-rwxr-xr-x 1 root root 197210 Jun 17 20:55 acme.sh
-rw-r--r-- 1 root root     78 May 23  2019 acme.sh.csh
-rw-r--r-- 1 root root     78 May 23  2019 acme.sh.env
drwxr-xr-x 3 root root   4096 May 23  2019 book.crifan.com
drwxr-xr-x 3 root root   4096 May 23  2019 ca
drwxr-xr-x 2 root root   4096 Jun 17 20:55 deploy
drwxr-xr-x 2 root root   4096 Jun 17 20:55 dnsapi
-rw-r--r-- 1 root root   4121 Jun 17 20:55 http.header
drwxr-xr-x 2 root root   4096 Jun 17 20:55 notify
drwxr-xr-x 3 root root   4096 May 23  2019 www.crifan.com
```
And also:
```
[root@crifan oneinstack]# ll /root/
.acme.sh/       .bashrc         oneinstack/             .rnd   .viminfo
.bash_history   .cache/         .oneinstack             shadowsocks/
.bash_logout    .cshrc          oneinstack-full.tar.gz  .ssh/
.bash_profile   .mysql_history  .pki/                   .tcshrc
[root@crifan oneinstack]# ll /root/.acme.sh/book.crifan.com/
total 32
drwxr-xr-x 2 root root 4096 May 23  2019 backup
-rw-r--r-- 1 root root 1911 Mar 18 00:26 book.crifan.com.cer
-rw-r--r-- 1 root root  851 Jun 17 20:51 book.crifan.com.conf
-rw-r--r-- 1 root root  976 Jun 17 20:51 book.crifan.com.csr
-rw-r--r-- 1 root root  210 Jun 17 20:51 book.crifan.com.csr.conf
-rw-r--r-- 1 root root 1675 May 23  2019 book.crifan.com.key
-rw-r--r-- 1 root root 1648 Mar 18 00:26 ca.cer
-rw-r--r-- 1 root root 3559 Mar 18 00:26 fullchain.cer
[root@crifan oneinstack]# ll /root/.acme.sh/www.crifan.com/
total 32
drwxr-xr-x 2 root root 4096 May 23  2019 backup
-rw-r--r-- 1 root root 1648 Mar 18 00:42 ca.cer
-rw-r--r-- 1 root root 3579 Mar 18 00:42 fullchain.cer
-rw-r--r-- 1 root root 1931 Mar 18 00:42 www.crifan.com.cer
-rw-r--r-- 1 root root  860 Jun 17 02:01 www.crifan.com.conf
-rw-r--r-- 1 root root  997 Jun 17 02:01 www.crifan.com.csr
-rw-r--r-- 1 root root  229 Jun 17 02:01 www.crifan.com.csr.conf
-rw-r--r-- 1 root root 1679 May 23  2019 www.crifan.com.key
```
Trying again:
```
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
```
This time it got going quickly:
```
[root@crifan oneinstack]# "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
[Wed Jun 17 20:59:13 CST 2020] ===Starting cron===
[Wed Jun 17 20:59:13 CST 2020] Renew: 'book.crifan.com'
[Wed Jun 17 20:59:14 CST 2020] Single domain='book.crifan.com'
[Wed Jun 17 20:59:14 CST 2020] Getting domain auth token for each domain
[Wed Jun 17 20:59:17 CST 2020] Getting webroot for domain='book.crifan.com'
[Wed Jun 17 20:59:17 CST 2020] Verifying: book.crifan.com
[Wed Jun 17 20:59:21 CST 2020] Success
[Wed Jun 17 20:59:21 CST 2020] Verify finished, start to sign.
[Wed Jun 17 20:59:21 CST 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/57656599/3806881519
[Wed Jun 17 20:59:23 CST 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/04c64c785734d3d2d2e62e5bc6d06b3d55a0
[Wed Jun 17 20:59:24 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Wed Jun 17 20:59:24 CST 2020] Your cert is in  /root/.acme.sh/book.crifan.com/book.crifan.com.cer
[Wed Jun 17 20:59:24 CST 2020] Your cert key is in  /root/.acme.sh/book.crifan.com/book.crifan.com.key
[Wed Jun 17 20:59:24 CST 2020] The intermediate CA cert is in  /root/.acme.sh/book.crifan.com/ca.cer
[Wed Jun 17 20:59:24 CST 2020] And the full chain certs is there:  /root/.acme.sh/book.crifan.com/fullchain.cer
[Wed Jun 17 20:59:24 CST 2020] Installing key to:/usr/local/tengine/conf/ssl/book.crifan.com.key
[Wed Jun 17 20:59:24 CST 2020] Installing full chain to:/usr/local/tengine/conf/ssl/book.crifan.com.crt
[Wed Jun 17 20:59:24 CST 2020] Run reload cmd: /bin/systemctl restart nginx
[Wed Jun 17 20:59:24 CST 2020] Reload success
[Wed Jun 17 20:59:24 CST 2020] Renew: 'www.crifan.com'
[Wed Jun 17 20:59:25 CST 2020] Multi domain='DNS:www.crifan.com,DNS:book.crifan.com'
[Wed Jun 17 20:59:25 CST 2020] Getting domain auth token for each domain
[Wed Jun 17 20:59:29 CST 2020] Getting webroot for domain='www.crifan.com'
[Wed Jun 17 20:59:29 CST 2020] Getting webroot for domain='book.crifan.com'
[Wed Jun 17 20:59:29 CST 2020] www.crifan.com is already verified, skip http-01.
[Wed Jun 17 20:59:29 CST 2020] book.crifan.com is already verified, skip http-01.
[Wed Jun 17 20:59:29 CST 2020] Verify finished, start to sign.
[Wed Jun 17 20:59:29 CST 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/57656599/3806883085
[Wed Jun 17 20:59:31 CST 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/046dcb943f26d22931c7b5b553302d21f083
[Wed Jun 17 20:59:32 CST 2020] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Wed Jun 17 20:59:32 CST 2020] Your cert is in  /root/.acme.sh/www.crifan.com/www.crifan.com.cer
[Wed Jun 17 20:59:32 CST 2020] Your cert key is in  /root/.acme.sh/www.crifan.com/www.crifan.com.key
[Wed Jun 17 20:59:32 CST 2020] The intermediate CA cert is in  /root/.acme.sh/www.crifan.com/ca.cer
[Wed Jun 17 20:59:32 CST 2020] And the full chain certs is there:  /root/.acme.sh/www.crifan.com/fullchain.cer
[Wed Jun 17 20:59:32 CST 2020] Installing key to:/usr/local/tengine/conf/ssl/www.crifan.com.key
[Wed Jun 17 20:59:32 CST 2020] Installing full chain to:/usr/local/tengine/conf/ssl/www.crifan.com.crt
[Wed Jun 17 20:59:32 CST 2020] Run reload cmd: /bin/systemctl restart nginx
[Wed Jun 17 20:59:33 CST 2020] Reload success
[Wed Jun 17 20:59:33 CST 2020] ===End cron===
```
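That looks like it worked:
Then restarted the server.
At least the page can be opened now, and no longer fails because of the certificate.
But then this appeared
So I went to check that MySQL was running properly:
```
[root@crifan ~]# service mysqld status
MySQL is not running, but lock file (/var/lock/subsys/mysql[FAILED]
```
Sure enough, MySQL was not running.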
```
[root@crifan ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        79G   65G   11G  87% /
devtmpfs        1.9G     0  1.9G   0% /dev
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           1.9G   17M  1.9G   1% /run
tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup
tmpfs           379M     0  379M   0% /run/user/0
```
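It is not a disk space problem.
Following my own earlier post
【Solved】MySQL startup error: MySQL is not running but lock file /var/lock/subsys/mysql FAILED
delete the lock file:
```
# rm -f /var/lock/subsys/mysql
```
Then restart:
```
[root@crifan ~]# service mysqld restart
MySQL server PID file could not be found! [FAILED]
Starting MySQL..... [ OK ]
```
That did it:
At last the page can be logged in to normally:
and I can get into the admin back end: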
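【Summary】
This is a WordPress site built on OneInStack, using a Let’s Encrypt SSL certificate.
On visiting the page, I found the SSL certificate had expired and wanted to renew it.
What finally worked:
1. Update acme.sh to the latest version
Steps:
```
cd oneinstack
./upgrade.sh
```
Then enter: 10
which corresponds to: 10. Upgrade acme.sh latest
After pressing Enter, it updates automatically.
Notes:
(1) The corresponding address is:
https://github.com/acmesh-official/acme.sh
The version after this update is: v2.8.6
(2) This confirms that the earlier acme.sh itself was the problem.
It would hang at:
Getting domain auth token for each domain
which caused the automatic renewal to fail.
2. Run the command manually to renew the certificates
```
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
```
and that is all.
Other notes:
(1)
I have already confirmed, via:
```
# crontab -l
...
21 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
```
that crontab does contain the acme.sh job, so it will renew automatically on schedule.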
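The cron entry above sends acme.sh output to /dev/null, so a run that stalls at "Getting domain auth token for each domain", as happened here, leaves no trace until the certificate expires. The following is an added example (not from the original post or from acme.sh) that summarizes saved `acme.sh --cron` output per domain and returns non-zero when a renewal started but never logged "Cert success."; the function names and the handling of "Skip" lines are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): summarize acme.sh --cron output.

# Reads acme.sh --cron output on stdin and prints one line per domain:
#   "<domain> OK", "<domain> SKIPPED" or "<domain> INCOMPLETE last=<message>"
# Returns 1 if any renewal started but never logged "Cert success.".
renew_status() {
  awk -v q="'" '
    function report() {
      if (domain == "") return
      if (ok)           print domain " OK"
      else if (skipped) print domain " SKIPPED"
      else { print domain " INCOMPLETE last=" last; bad = 1 }
    }
    {                                   # strip "[Wed Jun 17 20:51:14 CST 2020] "
      msg = $0
      sub(/^\[[^]]*\] /, "", msg)
    }
    index(msg, "Renew: ") == 1 {        # a new per-domain renewal begins
      report()
      domain = substr(msg, 8); gsub(q, "", domain)
      ok = 0; skipped = 0; last = msg
      next
    }
    domain == "" || msg ~ /^===/ { next }    # cron banner lines
    msg == "Cert success."       { ok = 1 }
    # Assumption: acme.sh reports a certificate that is not yet due with a
    # message starting "Skip"; that wording does not appear on this page.
    index(msg, "Skip") == 1      { skipped = 1 }
    { last = msg }
    END { report(); exit (bad ? 1 : 0) }
  '
}

# Sample input: the stalled run quoted earlier on this page.
sample_stalled_run() {
  cat <<'EOF'
[Wed Jun 17 20:51:14 CST 2020] ===Starting cron===
[Wed Jun 17 20:51:14 CST 2020] Renew: 'book.crifan.com'
[Wed Jun 17 20:51:15 CST 2020] Single domain='book.crifan.com'
[Wed Jun 17 20:51:15 CST 2020] Getting domain auth token for each domain
EOF
}

sample_stalled_run | renew_status || echo "ALERT: renewal did not complete"
```

To use it, point the cron entry's redirect at a log file instead of /dev/null and feed that file to `renew_status` from a second job that mails or alerts on a non-zero exit.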
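【Postscript 20200822】
【Solved】WordPress site crifan.com error: Error establishing a database connection. This means the username and password information in your wp-config.php file is incorrect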